Basic Switch Configuration

Commands for IOS-enabled switches (e.g., 2900XL, 2950, 1900, and 3550) are almost identical to those on the IOS routers, which makes them fit nicely into the scope of this book. To connect a switch to the network, we must first configure the management port, as described next.

14.3.1. Configuring the Management Port (VLAN 1)

In order to access a switch remotely with telnet (SSH is not yet available on switches), ping, or SNMP, we need to supply a few basic pieces of information, including the IP address, subnet mask, and a default gateway.

We won't be applying the IP address to an interface; in fact, you should never configure a physical switch interface with an IP address unless it's a layer 3 switch. Instead, we apply the address to a logical interface. If you look at a default configuration of one of the IOS-based switches that we mentioned previously, you will see the physical ports, such as interface fastethernet0/1 through interface fastethernet0/24. You will also see interface VLAN 1. This does not correspond to a physical port; it is a logical port. By default, VLAN 1 is the management VLAN. Protocols that help manage the network between devices, such as CDP or VTP, travel over the management VLAN. When we assign an IP address to a switch, we configure it on the logical VLAN interface. You can configure the default management VLAN 1 with an IP address; however, any VLAN to which you assign an IP address becomes the management VLAN.

Figure 14-3 illustrates a very simple network, consisting only of a router and a switch. In our example network, you can imagine that we just replaced a hub with our new switch. Now that we have swapped our hub for a new switch, we need to configure it.

Figure 14-3. Basic switch connection to the network

14.3.2. Simple Switch Configuration

In this configuration, we are going to set VLAN 1 (the management VLAN for the switch) to 192.168.1.1/24 and our default gateway to the IP address of the router, which is 192.168.1.254/24.

On our interfaces, we have the ability to leave the speed and duplex settings in auto negotiate, which means that the device will try to detect and set them automatically. Unfortunately, these auto-sensing features are notoriously bad at choosing the correct setting. Furthermore, an incorrect duplex setting can result in serious network latency and intermittent connectivity.

At half duplex, it is possible for both devices to sense that the wire is available and to transmit at the exact same time, which results in a collision. Collisions are considered normal. However, a ratio of errors to total traffic of more than one percent indicates that something else might be wrong.

At full duplex, the collisions counter is not active. A duplex mismatch causes impaired collision handling. It's always a good idea to set these values explicitly in interface configuration with the speed and duplex commands.

interface fastethernet 0/3
 speed 100
 duplex full

To verify the settings, use the show interface command, just as you would on a router:

If a device is slowing down your network, check the speed and duplex settings for the switch and the device. If you see increasing CRC errors, alignment errors, or runts on your network, it could be a duplex mismatch.
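One way to check for the symptoms described above, as an added example that is not from the original text: the script compares two constructed show interface snapshots of the same port and reports CRC, frame (alignment), and runt counters that grew, plus a collision rate above the one percent figure mentioned earlier. The sample output, the function names, and the choice to measure collisions against output packets are assumptions.

```python
import re

# Constructed sample: two abridged `show interface` snapshots of the same port.
BEFORE = """\
FastEthernet0/3 is up, line protocol is up
  Half-duplex, 100Mb/s
     120000 packets input, 9100000 bytes
     2 runts, 0 giants, 0 throttles
     5 input errors, 3 CRC, 2 frame, 0 overrun, 0 ignored
     80000 packets output, 6400000 bytes, 0 underruns
     0 output errors, 300 collisions, 1 interface resets
"""
AFTER = """\
FastEthernet0/3 is up, line protocol is up
  Half-duplex, 100Mb/s
     130000 packets input, 9900000 bytes
     40 runts, 0 giants, 0 throttles
     95 input errors, 60 CRC, 35 frame, 0 overrun, 0 ignored
     90000 packets output, 7200000 bytes, 0 underruns
     0 output errors, 900 collisions, 1 interface resets
"""

COUNTERS = ("packets input", "packets output", "runts", "CRC", "frame", "collisions")

def parse(text):
    """Return the duplex mode and the counters of interest from one snapshot."""
    duplex = re.search(r"(Half|Full|Auto)-duplex", text)
    stats = {"duplex": duplex.group(1).lower() if duplex else "unknown"}
    for name in COUNTERS:
        m = re.search(r"(\d+) " + re.escape(name) + r"\b", text)
        stats[name] = int(m.group(1)) if m else 0
    return stats

def mismatch_signs(before, after, threshold=0.01):
    """List duplex-mismatch symptoms that grew between two snapshots."""
    old, new = parse(before), parse(after)
    # "frame" is the counter where IOS reports alignment errors.
    signs = [f"{n} +{new[n] - old[n]}" for n in ("CRC", "frame", "runts")
             if new[n] > old[n]]
    sent = new["packets output"] - old["packets output"]
    coll = new["collisions"] - old["collisions"]
    # Assumption: collisions are measured against output packets in the interval.
    if sent > 0 and coll / sent > threshold:
        signs.append(f"collisions {coll / sent:.1%} of output packets")
    return signs

if __name__ == "__main__":
    for sign in mismatch_signs(BEFORE, AFTER):
        print("FastEthernet0/3:", sign)
```

Comparing two snapshots matters because the counters are cumulative: a nonzero value left over from an old cabling problem says nothing about the port's current state.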

14.3.4. Sample VLAN Configuration

In our previous example, we configured only the management VLAN for the switch (VLAN 1). To make our network more realistic, let's split our network up into four VLANs: VLAN 1, VLAN 2 (Human Resources), VLAN 3 (Development), and VLAN 4 (Sales).

Figure 14-4 shows how these VLANs will be configured in our network.

Figure 14-4. Splitting up the network with VLANs

As you can see, VLAN 2 (Human Resources) and VLAN 3 (Development) each have routers for their subnets while VLAN 4 (Sales) is simply composed of three hosts that are directly connected to the switch.

14.3.5. VLAN Interface Commands

To make an interface a member of a VLAN, use the switchport access command on each interface. In very simple terms, this command assigns each interface to a VLAN. The following configuration shows the switch commands for the network illustrated in Figure 14-4:

That's great! We've configured our VLANs just the way we want them. However, there's a big problem with this network. As you might recall from our previous discussion, each VLAN is a separate subnet, which means that VLANs 2, 3, and 4 are all logically separated. Router 1 can access only VLAN 1 in this configuration, which means that the other VLANs can't access each other or Router 1. So what do we do? We need to make Router 1 a member of all VLANs. To do that, we need to employ trunking.